1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 6 #include "br_private.h" 7 8 static int __vlan_add(struct net_port_vlans *v, u16 vid) 9 { 10 int err; 11 12 if (test_bit(vid, v->vlan_bitmap)) 13 return -EEXIST; 14 15 if (v->port_idx && vid) { 16 struct net_device *dev = v->parent.port->dev; 17 18 /* Add VLAN to the device filter if it is supported. 19 * Stricly speaking, this is not necessary now, since devices 20 * are made promiscuous by the bridge, but if that ever changes 21 * this code will allow tagged traffic to enter the bridge. 22 */ 23 if (dev->features & NETIF_F_HW_VLAN_FILTER) { 24 err = dev->netdev_ops->ndo_vlan_rx_add_vid(dev, vid); 25 if (err) 26 return err; 27 } 28 } 29 30 set_bit(vid, v->vlan_bitmap); 31 v->num_vlans++; 32 return 0; 33 } 34 35 static int __vlan_del(struct net_port_vlans *v, u16 vid) 36 { 37 if (!test_bit(vid, v->vlan_bitmap)) 38 return -EINVAL; 39 40 if (v->port_idx && vid) { 41 struct net_device *dev = v->parent.port->dev; 42 43 if (dev->features & NETIF_F_HW_VLAN_FILTER) 44 dev->netdev_ops->ndo_vlan_rx_kill_vid(dev, vid); 45 } 46 47 clear_bit(vid, v->vlan_bitmap); 48 v->num_vlans--; 49 if (bitmap_empty(v->vlan_bitmap, BR_VLAN_BITMAP_LEN)) { 50 if (v->port_idx) 51 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 52 else 53 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 54 kfree_rcu(v, rcu); 55 } 56 return 0; 57 } 58 59 static void __vlan_flush(struct net_port_vlans *v) 60 { 61 bitmap_zero(v->vlan_bitmap, BR_VLAN_BITMAP_LEN); 62 if (v->port_idx) 63 rcu_assign_pointer(v->parent.port->vlan_info, NULL); 64 else 65 rcu_assign_pointer(v->parent.br->vlan_info, NULL); 66 kfree_rcu(v, rcu); 67 } 68 69 /* Strip the tag from the packet. Will return skb with tci set 0. */ 70 static struct sk_buff *br_vlan_untag(struct sk_buff *skb) 71 { 72 if (skb->protocol != htons(ETH_P_8021Q)) { 73 skb->vlan_tci = 0; 74 return skb; 75 } 76 77 skb->vlan_tci = 0; 78 skb = vlan_untag(skb); 79 if (skb) 80 skb->vlan_tci = 0; 81 82 return skb; 83 } 84 85 struct sk_buff *br_handle_vlan(struct net_bridge *br, 86 const struct net_port_vlans *pv, 87 struct sk_buff *skb) 88 { 89 u16 vid; 90 91 if (!br->vlan_enabled) 92 goto out; 93 94 /* At this point, we know that the frame was filtered and contains 95 * a valid vlan id. If the vlan id matches the pvid of current port 96 * send untagged; otherwise, send taged. 97 */ 98 br_vlan_get_tag(skb, &vid); 99 if (vid == br_get_pvid(pv)) 100 skb = br_vlan_untag(skb); 101 else { 102 /* Egress policy says "send tagged". If output device 103 * is the bridge, we need to add the VLAN header 104 * ourselves since we'll be going through the RX path. 105 * Sending to ports puts the frame on the TX path and 106 * we let dev_hard_start_xmit() add the header. 107 */ 108 if (skb->protocol != htons(ETH_P_8021Q) && 109 pv->port_idx == 0) { 110 /* vlan_put_tag expects skb->data to point to 111 * mac header. 112 */ 113 skb_push(skb, ETH_HLEN); 114 skb = __vlan_put_tag(skb, skb->vlan_tci); 115 if (!skb) 116 goto out; 117 /* put skb->data back to where it was */ 118 skb_pull(skb, ETH_HLEN); 119 skb->vlan_tci = 0; 120 } 121 } 122 123 out: 124 return skb; 125 } 126 127 /* Called under RCU */ 128 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, 129 struct sk_buff *skb, u16 *vid) 130 { 131 /* If VLAN filtering is disabled on the bridge, all packets are 132 * permitted. 133 */ 134 if (!br->vlan_enabled) 135 return true; 136 137 /* If there are no vlan in the permitted list, all packets are 138 * rejected. 139 */ 140 if (!v) 141 return false; 142 143 if (br_vlan_get_tag(skb, vid)) { 144 u16 pvid = br_get_pvid(v); 145 146 /* Frame did not have a tag. See if pvid is set 147 * on this port. That tells us which vlan untagged 148 * traffic belongs to. 149 */ 150 if (pvid == VLAN_N_VID) 151 return false; 152 153 /* PVID is set on this port. Any untagged ingress 154 * frame is considered to belong to this vlan. 155 */ 156 __vlan_hwaccel_put_tag(skb, pvid); 157 return true; 158 } 159 160 /* Frame had a valid vlan tag. See if vlan is allowed */ 161 if (test_bit(*vid, v->vlan_bitmap)) 162 return true; 163 164 return false; 165 } 166 167 /* Called under RCU. */ 168 bool br_allowed_egress(struct net_bridge *br, 169 const struct net_port_vlans *v, 170 const struct sk_buff *skb) 171 { 172 u16 vid; 173 174 if (!br->vlan_enabled) 175 return true; 176 177 if (!v) 178 return false; 179 180 br_vlan_get_tag(skb, &vid); 181 if (test_bit(vid, v->vlan_bitmap)) 182 return true; 183 184 return false; 185 } 186 187 /* Must be protected by RTNL */ 188 int br_vlan_add(struct net_bridge *br, u16 vid) 189 { 190 struct net_port_vlans *pv = NULL; 191 int err; 192 193 ASSERT_RTNL(); 194 195 pv = rtnl_dereference(br->vlan_info); 196 if (pv) 197 return __vlan_add(pv, vid); 198 199 /* Create port vlan infomration 200 */ 201 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 202 if (!pv) 203 return -ENOMEM; 204 205 pv->parent.br = br; 206 err = __vlan_add(pv, vid); 207 if (err) 208 goto out; 209 210 rcu_assign_pointer(br->vlan_info, pv); 211 return 0; 212 out: 213 kfree(pv); 214 return err; 215 } 216 217 /* Must be protected by RTNL */ 218 int br_vlan_delete(struct net_bridge *br, u16 vid) 219 { 220 struct net_port_vlans *pv; 221 222 ASSERT_RTNL(); 223 224 pv = rtnl_dereference(br->vlan_info); 225 if (!pv) 226 return -EINVAL; 227 228 __vlan_del(pv, vid); 229 return 0; 230 } 231 232 void br_vlan_flush(struct net_bridge *br) 233 { 234 struct net_port_vlans *pv; 235 236 ASSERT_RTNL(); 237 238 pv = rtnl_dereference(br->vlan_info); 239 if (!pv) 240 return; 241 242 __vlan_flush(pv); 243 } 244 245 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 246 { 247 if (!rtnl_trylock()) 248 return restart_syscall(); 249 250 if (br->vlan_enabled == val) 251 goto unlock; 252 253 br->vlan_enabled = val; 254 255 unlock: 256 rtnl_unlock(); 257 return 0; 258 } 259 260 /* Must be protected by RTNL */ 261 int nbp_vlan_add(struct net_bridge_port *port, u16 vid) 262 { 263 struct net_port_vlans *pv = NULL; 264 int err; 265 266 ASSERT_RTNL(); 267 268 pv = rtnl_dereference(port->vlan_info); 269 if (pv) 270 return __vlan_add(pv, vid); 271 272 /* Create port vlan infomration 273 */ 274 pv = kzalloc(sizeof(*pv), GFP_KERNEL); 275 if (!pv) { 276 err = -ENOMEM; 277 goto clean_up; 278 } 279 280 pv->port_idx = port->port_no; 281 pv->parent.port = port; 282 err = __vlan_add(pv, vid); 283 if (err) 284 goto clean_up; 285 286 rcu_assign_pointer(port->vlan_info, pv); 287 return 0; 288 289 clean_up: 290 kfree(pv); 291 return err; 292 } 293 294 /* Must be protected by RTNL */ 295 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 296 { 297 struct net_port_vlans *pv; 298 299 ASSERT_RTNL(); 300 301 pv = rtnl_dereference(port->vlan_info); 302 if (!pv) 303 return -EINVAL; 304 305 return __vlan_del(pv, vid); 306 } 307 308 void nbp_vlan_flush(struct net_bridge_port *port) 309 { 310 struct net_port_vlans *pv; 311 312 ASSERT_RTNL(); 313 314 pv = rtnl_dereference(port->vlan_info); 315 if (!pv) 316 return; 317 318 __vlan_flush(pv); 319 } 320